Page 7 of 38 results (0.005 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-9941

https://notcve.org/view.php?id=CVE-2016-9941

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. Desbordamiento de búfer basado en memoria dinámica en rfbproto.c en LibVNCClient en LibVNCServer en versiones anteriores a 0.9.11 permite a servidores remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un mensaje FramebufferUpdate manipulado que contiene un subrectángulo fuera del área de dibujo del cliente. • http://www.debian.org/security/2017/dsa-3753 http://www.securityfocus.com/bid/95170 https://github.com/LibVNC/libvncserver/pull/137 https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11 https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://security.gentoo.org/glsa/201702-24 https://usn.ubuntu.com/4587-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2016-9942

https://notcve.org/view.php?id=CVE-2016-9942

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. Desbordamiento de búfer basado en memoria dinámica en ultra.c en LibVNCClient en LibVNCServer en versiones anteriores a 0.9.11 permite a servidores remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un mensaje FramebufferUpdate manipulado con el título de tipo Ultra, de manera que la longitud de la carga útil LZO descomprimida excede lo especificado por las dimensiones del azulejo. • http://www.debian.org/security/2017/dsa-3753 http://www.securityfocus.com/bid/95170 https://github.com/LibVNC/libvncserver/pull/137 https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11 https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://security.gentoo.org/glsa/201702-24 https://usn.ubuntu.com/4587-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

CVE-2014-6051 – libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling

https://notcve.org/view.php?id=CVE-2014-6051

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. Desbordamiento de enteros en la función MallocFrameBuffer en vncviewer.c en LibVNCServer 0.9.9 y anteriores permite a servidores remotos VNC causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un anuncio para un tamaño grande de pantalla, lo que provoca un desbordamiento de buffer basado en memoria dinámica. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-0113.html http://seclists.org/oss-sec/2014/q3/639 http://secunia.com/advisories/61506 http://www.debian.org/security/2014/dsa-3081 http://www.ocert.org/advisories/ocert-2014-007.html http://www.openwall.com/lists& • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1

CVE-2014-6052 – libvncserver: NULL pointer dereference flaw in framebuffer setup

https://notcve.org/view.php?id=CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. La función HandleRFBServerMessage en libvncclient/rfbproto.c en LibVNCServer 0.9.9 y anteriores no comprueba ciertos valores de retorno malloc, lo que permite a servidores remotos VNC causar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario mediante la especificación de un tamaño de pantalla grande en un mensaje (1) FramebufferUpdate, (2) ResizeFrameBuffer, o (3) PalmVNCReSizeFrameBuffer. A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://seclists.org/oss-sec/2014/q3/639 http://secunia.com/advisories/61506 http://secunia.com/advisories/61682 http://ubuntu.com/usn/usn-2365-1 http://www.debian.org/security/2014/dsa-3081 http://www.ocert.org/advisories/ocert-2014-007.html http://www.openwall.com/lists/oss-security/2014/09/25/11 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus. • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 6.0EPSS: 11%CPEs: 4EXPL: 0

CVE-2014-6053 – libvncserver: server NULL pointer dereference flaw in ClientCutText message handling

https://notcve.org/view.php?id=CVE-2014-6053

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. La función rfbProcessClientNormalMessage en libvncserver/rfbserver.c en LibVNCServer 0.9.9 y anteriores no maneja correctamente los intentos de enviar una cantidad grande de datos ClientCutText, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria o caída del demonio) a través de un mensaje manipulado que está procesado mediante el uso de un único malloc no comprobado. A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://seclists.org/oss-sec/2014/q3/639 http://secunia.com/advisories/61506 http://secunia.com/advisories/61682 http://ubuntu.com/usn/usn-2365-1 http://www.debian.org/security/2014/dsa-3081 http://www.ocert.org/advisories/ocert-2014-007.html http://www.openwall.com/lists/oss-security/2014/09/25/11 https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28 https://lists.debian.org • CWE-19: Data Processing Errors CWE-476: NULL Pointer Dereference •